VPN

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to give remote offices or travelling users secure access to a central organizational network. VPNs encapsulate traffic using cryptographic protocols and peer authentication so that only authorized users and devices can reach the network and the data cannot be read or altered in transit.


I need help setting up a Fortinet firewall with NPS and Azure MFA; the idea is to have NPS send an MFA request when a user signs in to the VPN.
Is this possible?
0
Dear Experts,

What are the requirements for VPN access for a new office that has just an Internet connection?

Any feedback will be helpful.
0
Some time back I downloaded the app for my iPhone 11 called WARP VPN, or 1.1.1.1, from Cloudflare.

It's been working fine, but I noticed that it blocks some apps or web pages. I have to disable it for an hour or entirely. The app with the problem is YouTube. If I have it enabled, YouTube won't work.

Is there a setup I have overlooked?

Help Please
0
In view of the pandemic, 300-500 staff are to work from home using VPN.

I need an assessment of whether GPO updates (pushed down to those remote, company-owned PCs) should be disabled or enforced, so I need assessments from the experts here.

a) If we don't push down the latest policies, NAC requirements such as AV signatures and patches may not be up to date, and this work-from-home arrangement can last 1-2 months (subject to how long the health authority retains the alert level).

b) However, if we enforce it and critical PCs are blocked from accessing due to outdated signatures/patches, it will be a service disruption to those critical users. Or, if they are blocked, is it feasible for the support guys to exempt those PCs to enable them to connect temporarily (to get AV updates from our internal AV server) and WSUS?

c) Is the GPO update going to consume a lot of bandwidth? We have 50Mbps dedicated for VPN users.

d) For some reason (I don't know why), we permit split tunnelling on our VPN, though the PCs' browsers are locked (greyed out, users can't change it) to go through our company proxy, so they can't browse the public Internet using IE/Chrome/Firefox but only an ultra-secure browser (that disallows uploads/downloads). Only for trusted sites like our Intranet, zoom.us (for remote conferencing) and O365 URLs do we whitelist in the GPO (i.e. the 'exclusion' URLs/IP section in IE/Chrome) and proxy to enable IE/Chrome to …
0
We are having some issues with a couple of user accounts that log in to a terminal server via VPN.
The server is running 2012 R2.
So what I need to do is delete the user profiles; they use roaming profiles.
I would think I delete these on the terminal server; if so, what are the steps I need to perform to delete them?
I am thinking there is a folder location somewhere for the roaming profiles that needs to be deleted?
Thanks
0
We have a couple of users whose AD accounts get locked out each time they log in to the VPN (Server 2012 R2).
So they are able to log in, but their AD accounts lock out after that.
If we reset their accounts, after a few minutes their AD accounts lock out again.
They are using Cisco VPN.
Anyone have any idea why it keeps locking out their AD accounts when they log in to the VPN?
If they don't log in to the VPN, their AD accounts never lock.
0
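A check that helps with the question above, added here as an example and not part of the post: correlate each account-lockout event (4740) with the Kerberos bad-password events (4771, status 0x18) for the same account in the preceding minutes, so a repeating lockout can be traced to a specific host or VPN client address. The event IDs, field names and XML layout are the ones Windows writes to the Security log; the user names, host names, addresses and timestamps below are constructed sample data.

```python
"""Find the source of a repeating AD lockout: correlate each 4740 (account locked
out) with the 4771 Kerberos pre-authentication failures (Status 0x18 = bad
password) for the same account in the preceding window.

Added example, not part of the post above. The events are constructed in the
XML shape the Security log uses; user names, hosts and addresses are made up.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
BAD_PASSWORD = "0x18"          # KDC_ERR_PREAUTH_FAILED
ACCOUNT_LOCKED_OUT, KERBEROS_PREAUTH_FAILED = 4740, 4771


def parse_event(xml_text):
    """Flatten one Security-log event into {'id', 'time', <EventData Name>: value}."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    event_id = int(system.find("e:EventID", NS).text)
    stamp = system.find("e:TimeCreated", NS).get("SystemTime").rstrip("Z")
    data = {d.get("Name"): (d.text or "") for d in root.find("e:EventData", NS)}
    return {"id": event_id, "time": datetime.fromisoformat(stamp), **data}


def correlate_lockouts(events, window=timedelta(minutes=30)):
    """Return {user: {'locked_at', 'caller_computer', 'bad_password_sources'}}.

    caller_computer comes from the 4740 itself: Windows stores the 'Caller
    Computer Name' in the EventData element named TargetDomainName.
    bad_password_sources counts the client addresses of the 4771/0x18 events
    for that account inside the window before the lockout.
    """
    failures = defaultdict(list)
    for ev in events:
        if ev["id"] == KERBEROS_PREAUTH_FAILED and ev.get("Status") == BAD_PASSWORD:
            failures[ev["TargetUserName"].lower()].append(ev)

    report = {}
    for ev in events:
        if ev["id"] != ACCOUNT_LOCKED_OUT:
            continue
        user = ev["TargetUserName"].lower()
        recent = [f for f in failures[user]
                  if ev["time"] - window <= f["time"] <= ev["time"]]
        # 4771 logs IPv4 clients as IPv4-mapped IPv6 (::ffff:a.b.c.d); strip the prefix
        sources = Counter(f["IpAddress"].replace("::ffff:", "") for f in recent)
        report[user] = {
            "locked_at": ev["time"],
            "caller_computer": ev.get("TargetDomainName", ""),
            "bad_password_sources": sources,
        }
    return report


def _event_xml(event_id, when, **data):
    """Build a minimal Security-log event (constructed sample data)."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<TimeCreated SystemTime="{when}Z"/></System>'
            f'<EventData>{fields}</EventData></Event>')


SAMPLE_EVENTS = [
    # constructed: three bad passwords from one remote-pool style address and one
    # from a LAN host, all inside the window before the lockout
    _event_xml(4771, "2020-03-02T08:14:10", TargetUserName="jdoe", Status="0x18",
               IpAddress="::ffff:10.255.240.51", IpPort="52211"),
    _event_xml(4771, "2020-03-02T08:14:12", TargetUserName="jdoe", Status="0x18",
               IpAddress="::ffff:10.255.240.51", IpPort="52214"),
    _event_xml(4771, "2020-03-02T08:14:15", TargetUserName="jdoe", Status="0x18",
               IpAddress="::ffff:10.255.240.51", IpPort="52219"),
    _event_xml(4771, "2020-03-02T08:14:20", TargetUserName="jdoe", Status="0x18",
               IpAddress="::ffff:192.168.10.77", IpPort="60001"),
    # constructed: too old to count, and another user's 4771 with a non-password status
    _event_xml(4771, "2020-03-02T06:00:00", TargetUserName="jdoe", Status="0x18",
               IpAddress="::ffff:192.168.10.5", IpPort="49200"),
    _event_xml(4771, "2020-03-02T08:14:30", TargetUserName="asmith", Status="0x12",
               IpAddress="::ffff:10.0.0.9", IpPort="49300"),
    _event_xml(4740, "2020-03-02T08:14:25", TargetUserName="jdoe",
               TargetDomainName="LAPTOP-JDOE", TargetSid="S-1-5-21-1-2-3-1105"),
]

if __name__ == "__main__":
    for user, info in correlate_lockouts([parse_event(x) for x in SAMPLE_EVENTS]).items():
        print(user, info["locked_at"], "caller:", info["caller_computer"])
        for src, n in info["bad_password_sources"].most_common():
            print(f"  {n} bad password(s) from {src}")
```

Export events 4740 and 4771 from the Security log of the PDC emulator (every lockout is reported there) as XML and feed them to `parse_event`. When the bad-password sources are VPN client addresses, the usual culprit is a stale credential on the client side: a saved VPN or mapped-drive password, or a device that syncs mail over the tunnel with the old password.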
I have a client that is running Windows Server 2016. They have two FTP sites (behind a VPN firewall) on ports 21 and 21000. The reason they have 2 FTP sites is to accommodate different aspects of their business.

These FTP sites recently stopped working for no obvious reason, and I've set up SFTP for them.

Following an online set of directions I found [1], I am able to have users land in a given folder with this directive in ~\ProgramData\ssh\sshd_config:

ChrootDirectory D:\FTPSites\Site

Otherwise it defaults to C:\Users\UserName, which is not acceptable to them long-term.

Is there a way to have SFTP go to a different directory based on the local user accessing the server? Or is SFTP limited to only one folder a user can "chroot" to?

Thanks!

[1] https://tech.xenit.se/installing-and-configuring-sftp-server-on-windows-server-2016/
0
We have been using the VPN that is built into Windows. Our server is Windows Server 2016 and our workstations are Windows 10 Pro. Most of us are remote, so we VPN in to connect and work. Some users are having issues where the VPN keeps dropping; it is not related to the Internet, the Internet service is fine, just the VPN will randomly disconnect. Would it be better to use a VPN router and, if so, which one? Do we just need one at the data center where the server is, or does every remote person need a matching VPN router?
0
Dear Experts,
We have a main office with Windows AD as DNS and DHCP server, and we have the following requirements:
1.      The branch office is connected over an MPLS network to the main office; the branch office IP subnet is 192.168.114.0/24 and the main office network is 109.0/24, and both networks can talk to each other. We would like to join the branch office systems to the main office Windows AD domain. Please suggest how and where to add this IP subnet in Windows AD so that the branch office's different IP subnet gets resolved by the main office Windows AD; please help with "how to" steps.
2.      A few home users connect to the office network using the Cisco AnyConnect VPN client with the IP pool 172.0.0.0 series. Please suggest where in Windows AD to configure this IP pool so that it gets resolved via Windows AD DNS.
Thanks in advance.
0
I have a Meraki MS225 attached to a Cisco 2900 router configured for NAT. I can see the Meraki has a private IP, and I can ping it locally and over VPN. I see NAT translations from it. But it fails to register with the Meraki cloud. Any thoughts?

I also notice that "sho cdp nei" fails to show it, but I can see the ARP entries.
0
Is there a way to secure VPN client settings? I just want to know how, if a computer is stolen, we can keep the VPN client settings away from the thief.
0
I need help establishing a VPN connection from my home Linux box (Debian 10) to the office's SonicWall TZ300 using strongSwan IPsec.
Here are my config files:

/etc/ipsec.conf
conn GroupVPN
        auto=add
        left=%any
        leftid=@GroupVPN
        leftsourceip=%config4
        leftsubnet=192.168.1.2/32
        leftfirewall=yes

        right=<SW_IPaddress>
        rightid=@<UniqueFirewallIdentifier>
        rightsubnet=10.0.0.0/24

        keyexchange=ikev1
        keyingtries=0
# aggressive=yes disabled by default when auth by PSK. It's enabled by setting
# charon.i_dont_care_about_security_and_use_aggressive_mode_psk=yes in strongswan.conf
# see https://wiki.strongswan.org/projects/strongswan/wiki/FAQ#Aggressive-Mode
        aggressive=yes
# see https://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites
        ike=3des-sha1-modp1536!
        esp=3des-sha1-modp1536!
        authby=xauthpsk
        xauth_identity=<MyUserName>
        ikelifetime=8h

#include /var/lib/strongswan/ipsec.conf.inc


/etc/ipsec.secrets
#include /var/lib/strongswan/ipsec.secrets.inc

@GroupVPN @<UniqueFirewallIdentifier> : PSK <SharedSecret>
<MyUserName> : XAUTH "<MyUserPassword>"

# ipsec statusall
Status of IKE charon daemon (weakSwan 5.7.2, Linux 4.19.75+, armv6l):
  uptime: 2 seconds, since Jan 28 19:02:33 2020
  malloc: sbrk 811008, mmap 0, used 468032, free 342976
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon test-vectors ldap pkcs11 tpm aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity counters
Listening IP addresses:
  192.168.1.2
Connections:
    GroupVPN:  %any...<SW_IPaddress>  IKEv1 Aggressive
    GroupVPN:   local:  [GroupVPN] uses pre-shared key authentication
    GroupVPN:   local:  [GroupVPN] uses XAuth authentication: any with XAuth identity '<MyUserName>'
    GroupVPN:   remote: [<UniqueFirewallIdentifier>] uses pre-shared key authentication
    GroupVPN:   child:  192.168.1.2/32 === 10.0.0.0/24 TUNNEL
Security Associations (0 up, 0 connecting):
  none


Screenshots (not reproduced here): GroupVPN policy, Advanced VPN, Advanced Settings; SonicWall log (most recent at the top).

0
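The connection above is a good specimen of the settings a reviewer flags in an IKEv1 remote-access profile, so here is a small lint for ipsec.conf, added as an example and not part of the post or of strongSwan. It reproduces the poster's GroupVPN section as constructed input (placeholders kept) and reports IKEv1 aggressive mode with a pre-shared key, the shared group PSK, and the 3DES/SHA-1/modp1536 proposals; the remediation hints are this example's own and do not claim what the SonicWall end will accept.

```python
"""Lint a strongSwan ipsec.conf for IKEv1 settings that weaken a tunnel.

Added example, not part of the post above and not strongSwan's own code.
SAMPLE_CONF reproduces the poster's GroupVPN connection as constructed input
(placeholders kept); the checks and remediation hints are this example's own.
"""
import re

# algorithm token -> why it is flagged (IKE and ESP proposals use the same tokens)
WEAK_ALGS = {
    "des": "single DES; prefer aes256 or aes128",
    "3des": "64-bit block cipher (Sweet32); prefer aes256 or aes128",
    "md5": "MD5 integrity/PRF; prefer sha256",
    "sha1": "SHA-1 integrity/PRF; prefer sha256",
    "modp768": "DH group 1 (768-bit); prefer modp2048 or ecp256",
    "modp1024": "DH group 2 (1024-bit); prefer modp2048 or ecp256",
    "modp1536": "DH group 5 (1536-bit); prefer modp2048 or ecp256",
}


def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section in ipsec.conf."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()       # drops comments and '#include' lines
        if not line.strip():
            continue
        if not line[0].isspace():                  # section header: 'conn NAME' or 'config setup'
            m = re.match(r"conn\s+(\S+)", line)
            current = conns.setdefault(m.group(1), {}) if m else None
            continue
        if current is not None and "=" in line:
            key, _, val = line.strip().partition("=")
            current[key.strip()] = val.strip()
    return conns


def lint_conn(conf):
    """Return a list of (setting, reason) findings for one conn section."""
    findings = []
    ikev1 = conf.get("keyexchange", "").lower() == "ikev1"
    authby = conf.get("authby", "").lower()
    if ikev1 and conf.get("aggressive", "no").lower() == "yes" and "psk" in authby:
        findings.append(("aggressive=yes",
                         "IKEv1 aggressive mode with a PSK sends the identities in clear and a "
                         "hash keyed by the PSK that an eavesdropper can attack offline; use main "
                         "mode, or IKEv2 with certificates or EAP, where the peer supports it"))
    if authby == "xauthpsk":
        findings.append(("authby=xauthpsk",
                         "the group PSK is shared by every client and the firewall; the XAuth "
                         "password is the only per-user secret"))
    for key in ("ike", "esp"):
        for alg in re.split(r"[-,!]", conf.get(key, "").lower()):
            if alg in WEAK_ALGS:
                findings.append((f"{key}={alg}", WEAK_ALGS[alg]))
    return findings


def lint_ipsec_conf(text):
    """Lint every conn in an ipsec.conf; returns {conn_name: [(setting, reason), ...]}."""
    return {name: lint_conn(conf) for name, conf in parse_conns(text).items()}


# Constructed sample: the poster's GroupVPN conn, placeholders kept as written.
SAMPLE_CONF = """\
conn GroupVPN
        auto=add
        left=%any
        leftid=@GroupVPN
        leftsourceip=%config4
        leftsubnet=192.168.1.2/32
        leftfirewall=yes
        right=<SW_IPaddress>
        rightid=@<UniqueFirewallIdentifier>
        rightsubnet=10.0.0.0/24
        keyexchange=ikev1
        keyingtries=0
        aggressive=yes
        ike=3des-sha1-modp1536!
        esp=3des-sha1-modp1536!
        authby=xauthpsk
        xauth_identity=<MyUserName>
        ikelifetime=8h
"""

if __name__ == "__main__":
    for conn, findings in lint_ipsec_conf(SAMPLE_CONF).items():
        print(f"[{conn}] {len(findings)} finding(s)")
        for setting, reason in findings:
            print(f"  {setting}: {reason}")
```

The "weakSwan" banner in the `ipsec statusall` output above is strongSwan's own signal that the aggressive-mode PSK override is active; treat a lint result like this one as a reason to ask the firewall administrator for a main-mode or IKEv2 profile rather than as something to silence.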
MySQL VPN.
Hi, how do I share or connect to MySQL over a private Internet VPN? NOTE: I use MS Access as a front end, and also Workbench to manage it.
0
Which model of Meraki SD-WAN (MX, I think) device best suits the data center in a dual-hub-and-spoke topology? The MX84, I believe, would work fine in the remote office. Thank you.
0
Hi, please see the topology: ASA1 ------ internet ------- ASA2 -------- router1 -------- router2 or server. The two ASAs are connected by a point-to-point VPN. My question is whether, and how, ASA1 or users behind ASA1 can access router2 or the server? Thank you
0
Is there a way to lock down the certificate issued from the ASA to a specific host? I love the ease of a VPN client, but am worried that the certificate can be copied and put on other systems.


Fox
0
I have an Azure VPN established to my on-prem firewall, where my single-domain AD forest is. My goal is to get a Domain Controller VM up and running in Azure. I can already connect to the VM from on-site and vice versa, but I haven't promoted it to a DC yet.
My question is, would I need to configure the DNS settings at the VM level to point to an on-prem DC for it to see and join the domain? It's a single VNet with multiple subnets, so I don't want the whole VNet using an on-prem DC as DNS.
I was also going to set up Windows Virtual Desktop in Azure, and I'm not sure whether those VMs that join this domain would need to be using it as a DNS server or not.
And should I set the Azure VM DC to a static IP in its NIC properties?
0
I have a TS-215 running firmware 4.4.1.1146. I am trying to set up a VPN connection to the device following this article:

https://www.qnap.com/en/how-to/tutorial/article/how-to-set-up-and-use-qvpn-2-0/

I have the firewall port set up for the VPN connection and the correct internal IP of the QNAS. I have the QBelt server enabled, user privileges assigned, and the connection profile set up. I then downloaded the installer/config file and installed it on a Windows 10 system. When I go to connect, I can watch the process of dialing, then see it try to authenticate. At that point I get the error "Unable to create a VPN connection". I went back through the setup steps again and do not see where I have missed anything.

Has anyone set up a VPN to a QNAS? Is there something I have overlooked?
0
Hi,

Please see https://www.experts-exchange.com/questions/29169605/Synology-router-and-or-nas-on-permanent-vpn-split-vpn.html

I now have UnlimitedVPN, but how can I manage traffic/routes, for example on my home network, so that only Netflix goes through the VPN? (I have a Synology NAS which could run a virtual Synology, or a Synology router which has a VPN server.) I could set up a PPTP VPN on my router, but how do I then split off only the Netflix traffic? Also, I'd like to keep the option to connect from my Android or Windows to my Synology router VPN, and also to connect to my Synology using DS File (no VPN) ...
In other words, I'd like to granularly control network traffic while also securing the network using the VPN (like the occasional torrent download: run it on my virtual NAS and use the VPN there too? secure the full network by routing everything through the VPN ... not sure), and I'd like to know how to approach this.

Thanks :-)

J
0
I have a group of outsourced workers who work for me from India. We want them to be able to send PDF documents directly to a printer in our office in the US, but we do not want to have them connecting to our office via a VPN or anything like that.

With that being said, I am wondering if it is possible to have them email the PDF to an email address that uses Outlook 2016, and set up a script or something that would run every 30 seconds or so looking for all new emails, automatically print any attachments, then mark the email as read and move it to another folder?

If so, can I get assistance with the code/script or any software that would do this? I'm in pretty bad need, as this was just added to my plate and they want it ready by Monday.
Any assistance is appreciated. The operating system is Windows 10 Pro, 64-bit.
0
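Whatever polls the mailbox and drives the printer in the setup above, the part a security engineer would insist on is the gate in front of the print call: anything that reaches that mailbox from the Internet gets rendered, so the script must decide which attachments may be printed at all. The example below is added here and is not part of the post; it is the gate only, not the Outlook or printer automation, which is environment-specific. The vendor domain, size cap and sample messages are constructed assumptions.

```python
"""Gate for an 'email a PDF and it prints' workflow: decide which attachments
may be handed to the printer before anything is printed.

Added example, not part of the post above and not the Outlook/printer
automation itself. The vendor domain, size cap and the messages are
constructed assumptions; mailbox polling and the print call are left out.
"""
from email.utils import parseaddr

ALLOWED_SENDER_DOMAINS = {"vendor.example"}       # assumed: the outsourcer's mail domain
MAX_PDF_BYTES = 20 * 1024 * 1024                   # assumed cap on what gets printed
# PDF name objects that a print-only document has no business containing. A byte
# scan is a cheap tripwire, not a PDF parser, and can be evaded by encoding.
SUSPICIOUS_PDF_TOKENS = (b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction")


def sender_allowed(address):
    """Allowlist on the From domain. The From header is forgeable on its own, so
    the mail server must enforce SPF/DKIM/DMARC for this check to mean anything."""
    _, addr = parseaddr(address)                   # handles 'Name <user@host>' forms
    _, sep, domain = addr.rpartition("@")
    return bool(sep) and domain.strip().lower() in ALLOWED_SENDER_DOMAINS


def pdf_problem(name, data):
    """Return None if the attachment looks like a printable PDF, else the reason."""
    if not name.lower().endswith(".pdf"):
        return "extension is not .pdf"
    if not data.startswith(b"%PDF-"):
        return "content is not a PDF (magic bytes)"
    if len(data) > MAX_PDF_BYTES:
        return "exceeds size cap"
    for token in SUSPICIOUS_PDF_TOKENS:
        if token in data:
            return f"contains {token.decode()}"
    return None


def select_printable(messages):
    """Split attachments into (to_print, rejected); entries are (subject, filename, reason).

    The sender check runs per message; the content checks run per attachment, so
    one bad attachment does not stop a clean one in the same mail from printing.
    """
    to_print, rejected = [], []
    for msg in messages:
        for att in msg["attachments"]:
            if not sender_allowed(msg["from"]):
                rejected.append((msg["subject"], att["name"], "sender domain not allowlisted"))
                continue
            problem = pdf_problem(att["name"], att["data"])
            if problem:
                rejected.append((msg["subject"], att["name"], problem))
            else:
                to_print.append((msg["subject"], att["name"], "ok"))
    return to_print, rejected


# Constructed sample mailbox contents.
GOOD_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n%%EOF"
SAMPLE_MESSAGES = [
    {"from": "ops@vendor.example", "subject": "Invoice 1042",
     "attachments": [{"name": "invoice-1042.pdf", "data": GOOD_PDF}]},
    {"from": "Ops Team <ops@vendor.example>", "subject": "Quotes",
     "attachments": [{"name": "quote.PDF", "data": GOOD_PDF},
                     {"name": "scan.pdf", "data": b"MZ\x90\x00" + b"\0" * 64}]},  # renamed executable
    {"from": "ops@vendor.example", "subject": "Form",
     "attachments": [{"name": "form.pdf",
                      "data": b"%PDF-1.7\n<< /OpenAction << /S /JavaScript /JS (app.alert(1)) >> >>"}]},
    {"from": "billing@vendor.example.evil.test", "subject": "Urgent invoice",
     "attachments": [{"name": "invoice.pdf", "data": GOOD_PDF}]},                # lookalike domain
]

if __name__ == "__main__":
    ok, bad = select_printable(SAMPLE_MESSAGES)
    for row in ok:
        print("PRINT ", row)
    for row in bad:
        print("REJECT", row)
```

Run the mailbox poller under a low-privilege account that can only reach that one mailbox and the print queue, move rejected mail to a quarantine folder rather than deleting it, and keep the 30-second loop from re-printing by moving each processed message before the print job is submitted.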
Hello
Two issues, possibly linked in some way. First, VPN clients are showing both their local IP and their VPN IP (from the ASA) in DNS, i.e. 10.255.253.1 and 10.255.240.51. This causes issues connecting to the VPN IP 10.255.253.1 because of the 2 DNS entries. Clients on the LAN where the DHCP/DNS servers reside work fine. Only VPN users are affected.

The other problem is that when clients are not showing the local IP of their WiFi card in DNS and are showing the correct IP (it was working at some point previously), we cannot browse to that machine, so remote management doesn't work.

Ideas?
0
Hi,

I'm thinking of setting up a permanent VPN for my Synology router (MR2200ac) and/or Synology NAS (DS918+).

The idea is that this adds extra protection, maybe also speed (I know in general speed goes down, but maybe by using compression techniques?) and anonymity (ad blocking/spyware blocking offered by VPN providers; also, tracking of my Internet usage by companies will be harder).

Also, that way I could put my home network wherever I want in the world.
A disadvantage might be that I get search results for the country I set my VPN to.
Advantage: I could switch Netflix to another country :-)

Note: I already have Pi-hole and safe browsing enabled (Synology router).

I would need split tunneling then, since I'd need to be able to VPN in to my Synology's VPN server. Also, I guess I'd better take a VPN connection to a nearby country for low latency.

For the VPN I'd take a lifetime subscription on, for example, FastestVPN or VPN Unlimited.

Lots of open questions. Anyways, appreciate your input!
J
0
I have an odd issue. I have a domain user who moved out of state and took their computer with them. Before they left, I made them an administrator of their machine so that they could log on to the machine without being connected to the domain. Then, once they are logged in to the computer, they can start their VPN session, connect to the domain and use their email, file services and ERP system. On Friday they changed their password, but now they cannot sign in to their computer. I have connected remotely to their machine as administrator, removed them from the machine as administrator while connected to the VPN, and re-added the user to the computer as administrator, but when I log out and try to come back in to the computer as the user, it still says the password is incorrect.

I tried to work around this problem by having the user sign in with a local account on that computer, but when I try to add that user to the computer it will not allow it because the user has not been created, which is what I am trying to do.

I have the user signed in to her computer as domain admin and have configured all their resources under the admin login, but I need to have the previous solution work. What can I do to get that computer to allow the user to sign in using their domain credentials so they can get to their home screen, start up their VPN and connect to their network resources?
0
We are using Cisco AnyConnect to connect remote users to ASA's. We have Regions with remote offices in each Region. Remote Offices at each Region connect via Site to Site VPN's. Remote Users connect to Region ASA's via AnyConnect.

For Example, Remote User1 uses Cisco AnyConnect to Access Region Site 1 through an ASA. This works and works well.

Remote User1 can access Region Site 1, and our ASA allows User1 to Access Region Site 1 and Region Site 2. This works and works well.

Remote User1 cannot access another Remote Office ASA through its Region.

Our problem is when Remote User1 connects to Region Site 1 ASA and tries to access another Remote Office. So we are trying to go from Remote User to Region ASA to a Remote Office that is connecting to the Region ASA via Site to Site VPN tunnels.

Couple of Questions:

1. Is this do-able?
2. We have been getting IP Spoof errors on ASA
3. We have created rules to allow the traffic
4. We have created a NAT exception

So ideally, we would like Remote User1 to connect to the Region ASA and be able to connect to another Remote Office ASA. We would like the Remote User1 to be re-ip'd with the Remote Office ASA ip scheme.

Am I making sense or am I crazy?
0
We have two locations.  A main office and a small remote office over 200 miles away.   I have been asked to update the VPN connection between the two sites to allow a second VPN to communicate between the sites.  

This is a production system in use 24/7 and there is no one at the remote site who can assist with this so I want to make sure I only have to go down there once, get it done as quickly as possible and don't cause any issues.  

In the main office we have a primary switch which acts as our router, a second switch is connected to it for local connections, an ASA used for a VPN connection to the remote site and a cable internet connection with its own firewall.    

On the switch used as a router we have the following VLANs defined:
vlan 10 (private) IP 172.16.10.254/24 ports 1/1
vlan 20 (data) IP 192.168.10.254/24 ports 1/2-1/45
vlan 30 (voice) IP 192.168.110.254/24 ports 1/2-1/45
vlan 100 (VPN) IP 192.168.100.22/29 port 1/46

Routes
route 0.0.0.0 0.0.0.0 192.168.10.1

route 192.168.3.0 255.255.255.0 192.168.100.21
route 192.168.103.0 255.255.255.0 192.168.100.21
route 10.10.10.0 255.255.255.0 192.168.100.21
route 192.168.100.50 255.255.255.255 192.168.100.21
route 192.168.100.200 255.255.255.252 192.168.100.21
VLAN 100 Port 46 is connected to the ASA LAN port

At the remote site we have an ASA and a switch
The following VLANS are defined on the switch
vlan 110 (data) IP 192.168.3.250/24  ports 1/2-1/46
vlan 120 (voice) ip …
0